1. Field of the Invention
This invention relates generally to the management of groups for the Unix operating system.
2. Description of the Related Art
In Unix environments, the NIS (Network Information Service) group map is used to assign Users to Groups. This is the default Unix mechanism to provide security to files stored within the Unix environment. However, the NIS group map is an unsophisticated flat file that simply lists which Users are in which Groups. It understands Groups, and Members, and not much else. The default implementation also does not provide any more sophisticated functionality for the management of Groups.
In addition, the NIS group map is typically accessible only by Root Users of the system. In most company environments, the Root Users are members of the IT organization. However, most of the determinations of which individuals should belong to which Groups are made by members of other organizations (e.g., the engineering department, or the sales department, or the finance department), since they know which individuals require access to which files. The IT organization typically does not have insight into who should or should not be a Member of a specific Group and therefore be able to gain access to data stored within the associated NIS domain.
As a result, delay is introduced when changes are to be made to the group map. For example, if an engineering manager determines that a certain employee is to be added to or removed from an NIS Group, the engineering manager must notify the IT organization, using appropriate procedures to safeguard against unauthorized changes. The IT organization then validates the request and makes the requested change, but does so according to its own schedule and priorities.
An alternative is to give the engineering manager Root access to the Unix environment. However, security can be compromised if errors are introduced by non-IT-qualified personnel making changes to enterprise level infrastructure, such as the master NIS group map.
Companies typically work within the limitations of the NIS system. They may build manual processes to implement changes to the group map. These processes can be time-consuming and error-prone. In addition, with manual processes, it may be difficult to track changes to the NIS group map and to later produce an accurate history of these changes. This can pose regulatory or audit issues, or at least make it more difficult to comply with regulatory requirements or audit requests.
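As an added illustration (not part of the original text), the change history discussed above can be derived by comparing two saved copies of the flat group map. The sketch assumes the standard group(5) line format `name:passwd:gid:members`; the function names and the sample snapshots are constructed for the example.

```python
"""Diff two snapshots of a flat group map into audit records (added example)."""


def parse_group_map(text):
    """Return {group: (gid, frozenset(members))}; raise on malformed lines."""
    groups = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and NIS compat entries such as "+::0:".
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            raise ValueError(f"line {lineno}: not name:passwd:gid:members")
        name, _passwd, gid, members = fields
        if name in groups:
            raise ValueError(f"line {lineno}: duplicate group {name!r}")
        groups[name] = (int(gid), frozenset(m for m in members.split(",") if m))
    return groups


def diff_group_maps(old_text, new_text):
    """Return sorted (action, group, detail) tuples describing old -> new."""
    old, new = parse_group_map(old_text), parse_group_map(new_text)
    changes = []
    for name in old.keys() - new.keys():
        changes.append(("group_removed", name, ",".join(sorted(old[name][1]))))
    for name in new.keys() - old.keys():
        changes.append(("group_added", name, ",".join(sorted(new[name][1]))))
    for name in old.keys() & new.keys():
        (old_gid, old_m), (new_gid, new_m) = old[name], new[name]
        if old_gid != new_gid:
            # A GID change alters which files the group name maps to.
            changes.append(("gid_changed", name, f"{old_gid}->{new_gid}"))
        changes += [("member_added", name, u) for u in new_m - old_m]
        changes += [("member_removed", name, u) for u in old_m - new_m]
    return sorted(changes)


# Constructed sample snapshots (not taken from the original text).
BEFORE = "eng:*:2001:alice,bob\nsales:*:2002:carol\nfinance:*:2003:dave\n"
AFTER = "eng:*:2001:alice,erin\nsales:*:2012:carol\naudit:*:2004:dave\n"

if __name__ == "__main__":
    for change in diff_group_maps(BEFORE, AFTER):
        print(*change, sep="\t")
```

Run against dated snapshots of the map, the records form the membership history that a manual process does not leave behind.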
Thus, there is a need for better approaches to the management of Groups within Unix environments.